Whom to Secure?
1. Server Operating System
2. Web application
3. Apache webserver and its applications
4. Databases
5. Attached Network
Attacks:
1. DOS (Denial of Service) Attacks
2. Directory or file permissions
3. Site Defacements
4. DNS Poisoning (indirect attack)
5. Exposure of internal servers from website entry point
6. Replay Attacks (prevent by timestamp usage)
7. Relay Attacks.
8. AJAX requests security
9. CSRF (Cross Site Request Forgery)
10. SQL Injection Attacks
11. File Security
Testing Tools:
1. Banner grabbing to determine webserver software
2. Use of Nikto, Whisker, N-Stealth, Metaspoilt, or other security testing tools.
3. Web Inspect
4. Black Widow
5. Web Sleuth
6. Input field manipulation
7. Cross Site Scripting (XSS)
Check Lists:
- Search for lax permissions on directories and files
- Look for insecure scripts and applications on server
- Applications running under higher-level privileges than necessary - often 'root'!
- CGI, Java or other script vulnerabilities
- Lack of input validation checking
- Improper permissions set on application files - allows remote user to browse,
execute or modify files
- Buffer Overflows
- Lock down application files and directories
- Only run applications with minimum permissions required to perform functions
- Database access to all users?
- Sanitize user inputs before storing to database and sanitize objects before displaying on GUI
- Ensure all unnecessary services are turned off through inetd and/or TCP_WRAPPERS
- Ensure all unnecessary services are turned off through inetd and/or TCP_WRAPPERS
- Mount publicly accessible partitions as read-only
- Restrict use of suid to trusted processes and users
- Restrict remote management/connections to ssh only no XDMCP or telnet
- Block incoming 'ping', Ping storms are a common DOS attack.
Do's and Dont's:
1. Always use sftp to transfer files (do not use ftp, rlogin, and other unencrypted protocols). The user/pwd information in non-secure protocols are sent as clear text and anyone can sniff them using various network sniffing tools.
2. Use ssh to login to remote machines.
3. Never login to your root account directly unless really required. Login to another account and then switch to root user whenever necessary (shell > su root)
Other Tools:
1. Bastille (hardening program) to provide automated, secure configuration for linux based servers
- Restrict use of suid to trusted processes and users
- Restrict remote management/connections to ssh only no XDMCP or telnet
- Block incoming 'ping', Ping storms are a common DOS attack.
Do's and Dont's:
1. Always use sftp to transfer files (do not use ftp, rlogin, and other unencrypted protocols). The user/pwd information in non-secure protocols are sent as clear text and anyone can sniff them using various network sniffing tools.
2. Use ssh to login to remote machines.
3. Never login to your root account directly unless really required. Login to another account and then switch to root user whenever necessary (shell > su root)
Other Tools:
1. Bastille (hardening program) to provide automated, secure configuration for linux based servers
List of Ethical Hackers / Pen(etration) Testers:
No comments:
Post a Comment